Communications devices, such as mobile telephones or personal computers, allow a subscriber to attach to a communication network and communicate with other devices. Furthermore, a growth area is that of machine to machine (M2M) communication, in which communications are sent between different devices without human intervention. Examples of the use of M2M communication include sensor networks (for example, networks for monitoring weather conditions), surveillance equipment (for example alarm systems, video monitoring, and so on), vehicle fleet management, vending machines, monitoring manufacturing and so on.
It is predicted that in the long term future, there will be billions of M2M devices, and the number of M2M devices will far exceed the number of devices used for communication between humans (such as mobile telephones, personal computers and so on).
When a device wishes to attach to an existing 3GPP mobile access network, it must register with the network and be authenticated. Registration and authentication are handled using information contained in a Subscriber Identity Module (SIM) or Universal Subscriber Identity Module (USIM) at the device. Each device is uniquely identified by an International Mobile Subscriber Identity (IMSI) that is stored at the SIM/USIM.
A USIM may be obtained by downloading from a remote node. This is described in 3GPP standard TS 33.812. TS 33.812 discloses a system in which a device initially attaches to a network using standard 3GPP radio technologies. The device receives an initial authentication and authorization for a limited set of operations from the network provider to which the device is connected. The limited authorization is used to trigger the authentication and authorization of the connection to a provider of shared secrets, authorization certificates, and services which are attached to the subscription of the user of the device. These are downloaded into a secure area of the device, so that the shared secret and authentication certificates can be used to authenticate and authorize the device to confirm that it is being used under the user's subscription towards the network to which it has attached.
Document TR 33.812 describes several variations that are intended to enhance security, operability, and other factors. These include methods which leverage the presence of a Universal Integrated Circuit Card (UICC), as well as methods which assume that a UICC is not present.
The mechanisms described in TR 33.812 are intended to establish communication between a device and its home network, and are intended for devices terminals which are reusable. In other words, a device may establish a connection using its temporary ID on multiple occasions.
In some circumstances a device may be designed for one-time (or extremely rare) usage. This is most likely in M2M scenarios, although it is possible that devices such as user terminals may also require a one-time temporary ID.
In a M2M application, a device could sit silently for potentially long periods, then wake up and send data before going back to “sleep”. An example of such a device include a device to be used during road works, which is positioned to alert workers about changing conditions, such as traffic on a seldom used access road. A further example of such a device is one that is designed to detect and report a rise in the water level of a normally dry river. A further example of device that requires a one-time temporary ID is a postage parcel, which sends a message when it has arrived and is being opened. A further example is that if a device located in a deformation zone of a vehicle, which sends an alert when it is being deformed.
In scenarios such as those described above, it is not desirable for the terminal to download a USIM for continuous use. This would be an inefficient use of resources and there is a limited number of IMSIs that can be associated with a USIM.
When using a one-time temporary ID, it is desirable for it to become unavailable for use after a time. There are methods available to remove a digital object such as a downloaded USIM which is not required to be used further. Such methods include using a counter or timer to determine when to remove the digital object. However, it is easy for a malicious attacker to fool a system that relies on a counter or timer.